Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About aksharp
aksharp
Explorer
Member since:
07-09-2018
06-05-2020
Community Statistics
| Posts | 8 |
| Solutions | 1 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 07-09-2018 |
Activity Feed
- Posted Splunk Add-on for Tomcat: Splunk forwarder not sending tomcat logs on All Apps and Add-ons. 06-25-2019 10:27 AM
- Tagged Splunk Add-on for Tomcat: Splunk forwarder not sending tomcat logs on All Apps and Add-ons. 06-25-2019 10:27 AM
- Tagged Splunk Add-on for Tomcat: Splunk forwarder not sending tomcat logs on All Apps and Add-ons. 06-25-2019 10:27 AM
- Tagged Splunk Add-on for Tomcat: Splunk forwarder not sending tomcat logs on All Apps and Add-ons. 06-25-2019 10:27 AM
- Tagged Splunk Add-on for Tomcat: Splunk forwarder not sending tomcat logs on All Apps and Add-ons. 06-25-2019 10:27 AM
- Posted How come our API results are only returning the first 100 results for metadata? on Getting Data In. 03-04-2019 10:22 AM
- Tagged How come our API results are only returning the first 100 results for metadata? on Getting Data In. 03-04-2019 10:22 AM
- Tagged How come our API results are only returning the first 100 results for metadata? on Getting Data In. 03-04-2019 10:22 AM
- Tagged How come our API results are only returning the first 100 results for metadata? on Getting Data In. 03-04-2019 10:22 AM
- Posted Re: Error while adding search peer to search head on Deployment Architecture. 08-20-2018 03:13 PM
- Posted Error while adding search peer to search head on Deployment Architecture. 08-19-2018 11:43 AM
- Tagged Error while adding search peer to search head on Deployment Architecture. 08-19-2018 11:43 AM
- Posted Re: Search from web UI not working on Splunk Search. 08-06-2018 03:31 PM
- Posted Search from web UI not working on Splunk Search. 07-25-2018 04:46 PM
- Tagged Search from web UI not working on Splunk Search. 07-25-2018 04:46 PM
- Posted Error [00000010] Instance name "indexer41.dev" Search head's authentication credentials rejected by peer. Try re-adding the peer. Last Connect Time:2018-07-10T16:07:50.000+00:00; Failed 1 out of 1 times. on Deployment Architecture. 07-10-2018 09:12 AM
- Tagged Error [00000010] Instance name "indexer41.dev" Search head's authentication credentials rejected by peer. Try re-adding the peer. Last Connect Time:2018-07-10T16:07:50.000+00:00; Failed 1 out of 1 times. on Deployment Architecture. 07-10-2018 09:12 AM
- Posted Re: Search head's authentication credentials rejected by peer. I've re-added peers 4 times and this keeps happening! on Security. 07-09-2018 03:20 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
06-25-2019
10:27 AM
We have configured Splunk forwarder system to send logs to Indexer. But for one particular application server Splunk forwarder stops sending logs for tomcat randomly, it forwards all other logs from the same directory. This continues until we restart Splunk forwarder manually. The issue is more frequent now happening once a week and we have no logs for that source in our Logmanager system till Splunk forwarder picks it up again.
The Info says something like below:
WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file='XXXX'
This is happening mostly after the log file is rotated. We are using Splunk Universal Forwarder 7.0.0 (build c8a78efdd40f)
Any help would be appreciated.
... View more
03-04-2019
10:22 AM
I'm trying to get the number of hosts reporting to Splunk via API, but the a normal curl -k is only able to return 100 results.
I tried adding the "count=0" parameter, but it just gives me 100 and cannot go further.
My search strings below.
curl -u user:passwd -k https://XXXX:8089/services/search/jobs -d search="metadata%20type%3Dhosts"
url -u user:passwd -k https://XXXX:8089/services/search/jobs/md_1551723351.24391/results?output_mode=csv&count=0
Any help is appreciated
... View more
Labels
- Labels:
-
Other
08-20-2018
03:13 PM
Thanks for the help.
The problem was with the permissions on the trusted.pem, changing ownership and giving it to app account solved the error.
It was not showing any errors in splunkd.log on SH or on the indexer when adding the peer. It was throwing error at splunk startup on SH, which made it a little confusing.
... View more
08-19-2018
11:43 AM
I'm getting the below error when adding a distributed search peer to search head on CLI or GUI.
/opt/splunk/bin/splunk add search-server x.x.x.x:8089 -auth admin:password -remoteUsername admin -remotePassword password
Invalid action for this internal handler (handler: distsearch-peer, supported: list|edit|remove|_reload|new|disable|enable|doc, wanted: create).
i'm able to connect to the indexer server via nc and there are no network or firewall blocks.
... View more
- Tags:
- splunk-enterprise
08-06-2018
03:31 PM
Thanks for the help! Our indexers were not configured correctly, we updated some some configs and it works now.
... View more
07-25-2018
04:46 PM
We are in a process of setting up new splunk env on CentOS 7. As part of it we have configured 1 search head and 1 indexer server.
We added the indexer to SH in the distributed search section(distsearch.conf), the status of that indexer is "up", Replication status "Successful", healthy status "healthy and No health check failures.
We are using splunkforwarders on our servers to push data to indexers, which is also working fine, i can see data coming from the selected servers in the metrics.log on indexer.
However when i search anything from web UI it gives me "no results found", also in data summary on home page it says "Waiting for results".
Even for index="_internal" there are "no results found".
Can anyone please point me in the right direction if i'm missing anything in the configs here.
... View more
- Tags:
- splunk-enterprise
07-10-2018
09:12 AM
I'm just trying to connect 1 search head to 1 indexer.
Search head splunkd log
07-09-2018 17:21:46.755 +0000 WARN GetRemoteAuthToken - Unable to get authentication token from peeruri="https://indexer1.dev:8089/services/admin/auth-tokens".
07-09-2018 17:21:46.755 +0000 WARN DistributedPeer - Peer:https://indexer41.dev:8089 Authentication Failed
Indexer splunkd.log
07-09-2018 17:21:46.747 +0000 WARN AdminHandler:AuthenticationHandler - Denied session token for user: splunk-system-user
07-09-2018 17:21:46.755 +0000 WARN AdminHandler:AuthenticationHandler - Denied session token for user: splunk-system-user
Both have the same trusted.pem under the distsearchkeys directory. Both have the same admin passwords in $SPLUNK_HOME/etc/passwd.
Any help appreciated.
... View more
- Tags:
- splunk-enterprise
07-09-2018
03:20 PM
I have the same issue with 1 search head and 1 indexer. I can add Peer but the console still has the same message.
The trusted.pem is getting passed on to the indexer correctly and the url -k -u admin:password https://indexer:8089/services/server/info give me the server info.
Can anyone help.
Details
Search head splunkd log
07-09-2018 17:21:46.755 +0000 WARN GetRemoteAuthToken - Unable to get authentication token from peeruri="https://indexer1.dev:8089/services/admin/auth-tokens".
07-09-2018 17:21:46.755 +0000 WARN DistributedPeer - Peer:https://indexer41.dev:8089 Authentication Failed
Indexer splunkd.log
07-09-2018 17:21:46.747 +0000 WARN AdminHandler:AuthenticationHandler - Denied session token for user: splunk-system-user
07-09-2018 17:21:46.755 +0000 WARN AdminHandler:AuthenticationHandler - Denied session token for user: splunk-system-user
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
